Michiel Nolet wrote:
- User visits his favorite website, say, www.joesblog.com
- Joesblogs puts some ads on his site and sell his inventory to an
adnetwork
- Adnetwork doesn't know this "matchservice.com" ad is a scam, and
serves the user a nice 468x60 flash banner of rmatchservice.com
- If the user's IP & timezone & (mysterious other reasons) match some
parameters in the actionscript, flash file opens a popup without a click
to errorsafe.com/...
- New errorsafe page tries to install active-x and also initiates an
.exe download to try to get the user to install the program.
- User accidentally clicks install, or "open" on the exe and is now
infected w/ spyware.
So it sounds like the SWF asks the browser to open a window, and that's
it? sounds like there are browser-specific dependencies then...?
(Advertising servers are definitely in a tricky spot, because they're
always hosting content they don't create -- they have to be able to
trust the stuff they serve, and it's hard to accept ads from strangers,
people without reputations to maintain.)
jd
--
John Dowdell . Adobe Developer Support . San Francisco CA USA
Weblog: http://weblogs.macromedia.com/jd
Aggregator: http://weblogs.macromedia.com/mxna
Technotes: http://www.macromedia.com/support/
Spam killed my private email -- public record is best, thanks.
_______________________________________________
Flashcoders@chattyfig.figleaf.com
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
Brought to you by Fig Leaf Software
Premier Authorized Adobe Consulting and Training
http://www.figleaf.com
http://training.figleaf.com
